--- /dev/null
+/*
+ * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+//
+// socks++int - internal Socks implementation
+//
+#include "socks++5.h"
+#include "hosts.h"
+
+
+namespace Security {
+namespace IPPlusPlus {
+namespace Socks5 {
+
+
+//
+// Socks5 Protocol implementation
+//
+void Server::open(Socket &s, Support &my)
+{
+ s.open(SOCK_STREAM);
+ s.connect(my.mServer->address());
+ secdebug("socks", "%d connected to server %s", s.fd(), string(my.mServer->address()).c_str());
+ Byte request[] = { 5, 1, socksAuthPublic };
+ s.write(request, sizeof(request));
+ Byte reply[2];
+ s.read(reply, sizeof(reply));
+ if (reply[0] != 5 || reply[1] != socksAuthPublic) {
+ secdebug("socks", "%d server failed (v%d auth=%d)", s.fd(), reply[0], reply[1]);
+ s.close();
+ UnixError::throwMe(EPROTONOSUPPORT);
+ }
+}
+
+void Server::connect(SocksClientSocket &me, const IPSockAddress &peer)
+{
+ open(me, me);
+ Message request(socksConnect, peer.address(), peer.port());
+ request.send(me);
+ Message reply(me);
+ me.mLocalAddress = reply.address();
+ me.mPeerAddress = peer;
+ secdebug("socks", "%d socks connected to %s", me.fd(), string(peer).c_str());
+}
+
+void Server::connect(SocksClientSocket &me, const Host &host, IPPort port)
+{
+#if 1
+ //@@@ should be using Hostname (server resolution) mode, but this won't get us
+ //@@@ any useful peer address to use for bind relaying. Need to rethink this scenario.
+ set<IPAddress> addrs = host.addresses();
+ for (set<IPAddress>::const_iterator it = addrs.begin(); it != addrs.end(); it++) {
+ try {
+ IPSockAddress addr(*it, port);
+ connect(me, addr);
+ return;
+ } catch (const UnixError &err) {
+ errno = err.error;
+ }
+ }
+ // exhausted
+ UnixError::throwMe();
+#else
+ open(me, me);
+ Message request(socksConnect, host.name().c_str(), port);
+ request.send(me);
+ Message reply(me);
+ me.mLocalAddress = reply.address();
+ //me.mPeerAddress = not provided by Socks5 protocol;
+ secdebug("socks", "%d socks connected to %s", me.fd(), host.name().c_str());
+#endif
+}
+
+
+void Server::bind(SocksServerSocket &me, const IPAddress &peer, IPPort port)
+{
+ open(me, me);
+ Message request(socksBind, peer, port);
+ request.send(me);
+ Message reply(me);
+ me.mLocalAddress = reply.address();
+ //me.mPeerAddress not available yet;
+ secdebug("socks", "%d socks bound to %s", me.fd(), string(me.mLocalAddress).c_str());
+}
+
+void Server::receive(SocksServerSocket &me, SocksClientSocket &receiver)
+{
+ Message reply(me);
+ receiver.setFd(me.fd(), me.mLocalAddress, reply.address());
+ me.clear(); // clear our own (don't close on destruction)
+ secdebug("socks", "%d socks received from %s", receiver.fd(), string(reply.address()).c_str());
+}
+
+
+//
+// Construct a request from an IPv4 address and port
+//
+Message::Message(Command cmd, IPAddress addr, IPPort port)
+{
+ version = 5;
+ message = cmd;
+ reserved = 0;
+ addressType = socksIPv4;
+ this->addr = addr;
+ this->port = htons(port);
+ length = 4 + sizeof(this->addr) + sizeof(this->port);
+}
+
+
+//
+// Construct a request from a hostname and port (server resolves name)
+//
+Message::Message(Command cmd, const char *hostname, IPPort port)
+{
+ version = 5;
+ message = cmd;
+ reserved = 0;
+ addressType = socksName;
+
+ size_t nameLength = strlen(hostname);
+ if (nameLength > 255)
+ UnixError::throwMe(ENAMETOOLONG);
+ char *addrp = reinterpret_cast<char *>(&addr);
+ addrp[0] = nameLength;
+ memcpy(addrp + 1, hostname, nameLength);
+ IPPort nboPort = htons(port);
+ memcpy(addrp + 1 + nameLength, &nboPort, sizeof(nboPort));
+ length = 4 + 1 + nameLength + sizeof(nboPort);
+}
+
+
+//
+// Send a completed request message
+//
+void Message::send(Socket &s)
+{
+ if (s.write(this, length) != length) {
+ s.close();
+ UnixError::throwMe(EIO);
+ }
+}
+
+
+//
+// Construct a reply object from a socket source.
+// Throws exceptions if the reply is not successful and supported.
+//
+Message::Message(Socket &socket)
+{
+ length = 4 + sizeof(addr) + sizeof(port); //@@@ calculate if addrType != 1 supported
+
+ if (socket.read(this, length) != length) {
+ socket.close();
+ UnixError::throwMe(EIO);
+ }
+
+ // check error code
+ switch (message) {
+ case socksSuccess:
+ break;
+ case socksDenied:
+ UnixError::throwMe(EPERM);
+ case socksNetUnreach:
+ UnixError::throwMe(ENETUNREACH);
+ case socksHostUnreach:
+ UnixError::throwMe(EHOSTUNREACH);
+ case socksConRefused:
+ UnixError::throwMe(ECONNREFUSED);
+ case socksTTLExpired:
+ UnixError::throwMe(ETIMEDOUT); // not really, but what's better?
+ case socksUnsupported:
+ UnixError::throwMe(EOPNOTSUPP);
+ case socksAddressNotSupported:
+ UnixError::throwMe(EADDRNOTAVAIL);
+ default:
+ UnixError::throwMe(EIO); // what else? :-)
+ }
+
+ // can't deal with non-IPv4 address replies
+ if (addressType != socksIPv4 || reserved != 0)
+ UnixError::throwMe(ENOTSUP);
+}
+
+
+} // end namespace Socks
+} // end namespace IPPlusPlus
+} // end namespace Security
projects / apple / security.git / blobdiff